In a typical pay-tv system such as the VIDEOCRYPT or EUROCRYPT systems, two kinds of data packets are transmitted via a decoder to a "user", e.g. a smart card. A first type of packet, designated ECM in EUROCRYPT systems, contains information which will permit the decoder to descramble signals such as video and/or sound signals. The descrambling data is returned to the decoder in a form that enables descrambling in the decoder only if the user is authorized to access the current program. When the user is represented by a smart card, access authorization is indicated by "entitlement data" stored in the card.
A second type of packet, designated EMM in EUROCRYPT systems, contains information which will update user entitlement data by, for example, modifying data stored in a smart card. Typically, one of two types of entitlement data is stored in a smart card. The first type involves storing the beginning and ending dates of the period during which user access is authorized. The second is simply the current entitlement state, i.e. authorized or not. The first type of data requires more memory and processing time than does the second. It is desirable, therefore, to design a system using the second type of entitlement data.
However, certain security problems are associated with the second type of entitlement data. For example, once an entitlement state is set to "authorized", preventing EMM data from being written to a smart card will prevent the entitlement state from being changed to "unauthorized". In FR-A-8914417, a system of protection against the inhibition of writing in smart cards is described. This system may not provide sufficient security.